
POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY - FACULTY OF TELECOMMUNICATIONS I

VIRTUAL PRIVATE NETWORK (VPN) TECHNOLOGY: TUNNELING PROTOCOLS AND SECURITY

Student: on Thanh Bnh. Supervisor: Ths. Nguyn Th Thu Hng

CONTENTS OF THE PRESENTATION
Overview of VPN; tunneling protocols; security in VPN; VPN management issues; conclusion

VPN OVERVIEW

[Figure: two private networks (LANs) connected by a tunnel across the Internet, each side attached through routers.]

A virtual private network (VPN) is defined as a network connection deployed over public infrastructure such as the Internet, with the same management and security policies as a local network.

BUILDING A VPN

BASIC COMPONENTS OF A VPN
Servers; clients; routers and firewalls; gateways; concentrators; software

VPN OVERVIEW: Functions and advantages

A VPN PROVIDES 3 MAIN FUNCTIONS
Authentication; integrity; confidentiality

ADVANTAGES
Cost savings; flexibility; easy to extend; less technical support; fewer equipment requirements

VPN OVERVIEW: Classification

VPNs ARE DIVIDED INTO 3 TYPES
Remote access VPN; intranet (local) VPN; extranet (extended) VPN

[Figure: topologies of the three VPN types. Labels: remote site, mobile user, DSL, cable, POP, Internet, router or PIX Firewall, central site / central office, remote office (intranet), business-to-business extranet (customers to the company).]

TUNNELING PROTOCOLS

FOUR TUNNELING PROTOCOLS ARE USED IN VPNs
Layer 2 Forwarding (L2F); Point-to-Point Tunneling Protocol (PPTP); Layer 2 Tunneling Protocol (L2TP); IP Security (IPSec)

TUNNELING PROTOCOLS: Point-to-Point Tunneling Protocol (PPTP)
PPTP ARCHITECTURE

[Figure: a client reaches a server on the protected private network over the Internet through an ISP remote access connection, forming the VPN. Layer labels: delivery media header, IP header, GRE header, PPP payload packet, IP/IPX/NetBEUI data packet, Ethernet frame.]

PPTP packet structure: data-link header | IP header | GRE header | PPP header | encrypted PPP payload (IP, IPX, NetBEUI) | data-link trailer

TUNNELING PROTOCOLS: Point-to-Point Tunneling Protocol (PPTP)
USING PPTP

[Figure: two PPTP deployments across the Internet. Client-to-LAN connection: PPTP clients, NAS, PPTP network server, protected private network. LAN-to-LAN connection: PPTP network access concentrator, PPTP network server, protected private networks.]

TUNNELING PROTOCOLS: Layer 2 Tunneling Protocol (L2TP)
L2TP ARCHITECTURE

[Figure: a client reaches a server on the protected private network over the Internet through an ISP remote access connection, forming the VPN. Layer labels: delivery media header (IP, ATM, X.25), IP header, PPP payload packet, IP/IPX/NetBEUI data packet, Ethernet frame.]

L2TP packet structure with IPSec: data-link header | IP header | IPSec ESP header | UDP header | L2TP header | PPP header | PPP payload (IP, IPX, NetBEUI) | IPSec ESP trailer | IPSec ESP authentication trailer | data-link trailer. The figure marks which part is encrypted and which part is authenticated.

TUNNELING PROTOCOLS: Layer 2 Tunneling Protocol (L2TP)
USING L2TP

[Figure: two L2TP deployments across the Internet. Client-to-LAN connection: L2TP clients, L2TP network server, protected private network. LAN-to-LAN connection: L2TP network access concentrator, L2TP network server, protected private networks.]

TUNNELING PROTOCOLS: IP Security protocol (IPSec)
IPSec PROTOCOL FRAMEWORK

[Figure: IPSec protocol framework.]

TUNNELING PROTOCOLS: IPSec protocol
OPERATION OF THE PROTOCOL

[Figure: two protected private networks (internal network, LAN) behind Router A and Router B, joined across the Internet by an authenticated, encrypted tunnel. Labels: clear text, encrypted, data, digital certification, Certificate Authority, IKE session, SA.]

SECURITY IN VPN: Authentication

SECURITY IN A VPN COMPRISES TWO PROCESSES: SOURCE AUTHENTICATION AND INTEGRITY

Source authentication: password authentication (PAP); challenge-handshake authentication (CHAP); terminal access controller access control system (TACACS); remote authentication dial-in user service (RADIUS); hardware systems such as smart cards; biometric systems

Integrity: message digest (MD); message authentication code (MAC); digital signature (DS)

SECURITY IN VPN: Authentication: Integrity

MESSAGE DIGEST
MD is a method for detecting transmission errors, based on a one-way hash function. One-way hash functions are used to compute the MD.

[Figure: a document or message passes through a hash function to produce the message digest: 128 bits for MD5, 160 bits for SHA-1.]

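SECURITY IN VPN: Authentication: Integrity

[Figure: Basic structure of MD5/SHA. The document or message, followed by padding and a length field, fills N x 512 bits and is split into Block 1 to Block N of 512 bits each. Starting from the IV, each block passes through the MD5/SHA hash function, whose hash output feeds the next stage; the final hash is the MD of the message.]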

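SECURITY IN VPN: Authentication: Integrity

MESSAGE AUTHENTICATION CODE
MAC is a method for protecting a message against unauthorized modification of its content. A MAC is computed with a one-way hash function combined with a secret key.

[Figure: on the sending side, the document or message and the key pass through a keyed hash function to produce the MAC, which travels with the message over the transmission channel. On the receiving side, the received message and the same key pass through the keyed hash function, and the resulting MAC is compared with the received MAC.]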
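The contrast between the MD and MAC slides, as an added example that is not part of the original presentation: an unkeyed digest catches a transmission error but is still accepted when the message is replaced and its digest recomputed, while a keyed MAC is rejected in both cases. HMAC-SHA-256 stands in for the slide's keyed hash function (an assumption; the slides name MD5 and SHA-1), and the key and messages are constructed samples.

```python
import hashlib
import hmac


def md(message: bytes) -> bytes:
    """Unkeyed message digest (the slide's MD), SHA-256 instead of MD5/SHA-1."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Keyed hash: HMAC-SHA-256 as one concrete 'hash + secret key' construction."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_md(message: bytes, tag: bytes) -> bool:
    # Receiver recomputes the digest; no secret is involved.
    return hmac.compare_digest(md(message), tag)


def receiver_accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Receiver recomputes the MAC with its own copy of the key and compares
    # in constant time, as in the slide's "compare" step.
    return hmac.compare_digest(mac(key, message), tag)


def demo() -> dict:
    key = b"constructed-shared-secret"      # constructed sample key
    original = b"PAY 100 TO ALICE"          # constructed sample message
    r = {}

    # Case 1: transmission error, one bit of the message flips, tag unchanged.
    corrupted = bytes([original[0] ^ 0x01]) + original[1:]
    r["md_rejects_line_error"] = not receiver_accepts_md(corrupted, md(original))
    r["mac_rejects_line_error"] = not receiver_accepts_mac(
        key, corrupted, mac(key, original))

    # Case 2: the message is replaced in transit and the tag recomputed by a
    # party that does not hold the shared key.
    replaced = b"PAY 900 TO SOMEONE ELSE"
    r["md_rejects_replacement"] = not receiver_accepts_md(replaced, md(replaced))
    r["mac_rejects_replacement"] = not receiver_accepts_mac(
        key, replaced, mac(b"not-the-shared-key", replaced))

    # Case 3: untouched message and tag from the real sender.
    r["mac_accepts_genuine"] = receiver_accepts_mac(key, original, mac(key, original))
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
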

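SECURITY IN VPN: Authentication: Integrity

DIGITAL SIGNATURE
A digital signature is produced by encrypting the hash value obtained from a one-way hash function. The hash value (MD5 or SHA) of the message is encrypted with the sender's secret (private) key to form the digital signature, which is transmitted together with the corresponding message.

[Figure: on the sending side, the document or message passes through the hash function; the hash value is encrypted with the private key to form the signature, which is sent over the transmission channel. On the receiving side, a hash value is computed from the received message, a second hash value is obtained from the signature with the public key (labelled "encryption with the public key"), and the two hash values are compared.]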

SECURITY IN VPN: Encryption

TWO KINDS OF KEY-BASED ENCRYPTION ALGORITHMS
Secret-key encryption algorithms; public-key encryption algorithms

[Figure: secret-key encryption: the sender encrypts the clear message with the shared secret key and the receiver decrypts the encrypted message with the same shared secret key. Public-key encryption: the clear message is encrypted with one key of the pair and the encrypted message is decrypted with the other.]

Public-key encryption algorithms use one key to encrypt and a different key to decrypt; the two keys are related and together form a unique key pair, and only these two keys can encrypt and decrypt for each other.

Secret-key encryption algorithms use one shared key both to encrypt and to decrypt the message.

SECURITY IN VPN: Secret-key encryption

DATA ENCRYPTION STANDARD (DES)
THE DES ALGORITHM
The DES standard combines two techniques: scrambling and rearranging.

[Figure: DES data encryption. Labels: Key (64 bits), parity removed (56 bits), Plaintext Block (64 bits), initial permutation (IP), Round 1, Round 2, ..., Round 16, inverse permutation (RP), Ciphertext Block (64 bits).]

[Figure: Feistel network of the DES algorithm. Labels: L(i-1) and R(i-1) (32 bits each), Key(i-1) (56 bits), shift, expansion permutation, compression permutation (48 bits), S-Box (substitution, 32 bits), P-Box (permutation), L(i), R(i), Key(i) (56 bits).]

VPN MANAGEMENT

VPN MANAGEMENT COVERS: SECURITY MANAGEMENT; ADDRESS MANAGEMENT; QUALITY MANAGEMENT

Security management: management of encryption methods; key management for gateways; key management for users; authentication service management; management of internal CAs; access control
Address management: address allocation; NAT and private IP addresses
Quality management: network performance; monitoring ISP performance and SLAs; network quality management

[Figure: addressing diagram. Labels: private network, NAS, router, interfaces E0 and E1, IP 10.2.2.2, IP 10.2.2.1, IP 192.168.2.1, Internet; public addressing of the Internet (outside); private addressing of the internal network (inside).]

EXAMPLE

CONNECTION SETUP PROCESS
Step 1: The remote user connects to the Internet service provider (ISP) as usual.

Step 2: Once the connection is established, the user requests a tunnel to the security server of the company network. The server authenticates the user and creates the other end of the tunnel.

Step 3: The user sends encrypted data through the tunnel over the ISP connection.

Step 4: The security server receives the encrypted data and decrypts it. The security server then forwards the decrypted data packets to the company network.

[Figure: encrypted data travelling through the tunnel between the user and the security server.]

CONCLUSION

IPSec meets all the high demands for data security and is the main solution for securing the VPNs of organizations and companies. However, IPSec supports only unicast IP traffic; if unicast IP packets are being tunneled, the single encapsulation provided by IPSec is sufficient and simple to configure and troubleshoot. To tunnel multicast IP, L2TP can be used; for network traffic that uses Microsoft networks and devices, L2TP is the best choice. L2TP also suits remote access VPNs that need multiprotocol support. However, L2TP does not support data encryption or data integrity, so using IPSec together with L2TP is the complete solution.

CONCLUSION

VPNs were developed to meet the need for secure communication over the public Internet for any type of traffic, regardless of the application, so in the future VPNs will be extended to extranets. For many managers, extranets offer several advantages for communication among multiple business partners:
Extranets are usually built on the TCP/IP protocol, which makes it easy to interconnect (private) subnetworks.
Using the Internet to link networks gives greater flexibility in setting up and ending short-term activities when needed.
Extranets revolve around the WWW, which helps provide a common user interface to many applications across company boundaries.

THANK YOU VERY MUCH
